UK: ICO releases report on cybersecurity breaches

On May 10, 2024, the Information Commissioner's Office (ICO) published its 'Learning from the mistakes of others' report which analyses the data breach reports the ICO has received and provides advice on how organizations can manage common cybersecurity failures.

What are the key elements of the report?

The report focuses on several causes of cybersecurity breaches, including phishing, brute force attacks, denial of service, errors, and supply chain attacks. For each cause, the report explains how the attacks take place, sets out key considerations for mitigating the risk, and describes likely future developments. The report also includes case studies from the ICO's regulatory activities and advice on how the incidents in those cases could have been avoided. The report advises organizations with large volumes of personal information to consider how to remedy or mitigate potential threats to security in their risk assessments.

Enforcement action

Notably, the report highlights that the ICO has taken enforcement action against organizations that have failed to:

  • secure external connections with multi-factor authentication (MFA);
  • log and monitor systems and act when there is unexpected exfiltration or there are unexpected remote desktop protocol (RDP) connections from the internet;
  • act on alerts from endpoint protection, such as anti-malware or anti-virus;
  • use strong passwords on internal accounts or use unique passwords across multiple accounts, or both; and
  • mitigate against known vulnerabilities, applying critical patches within 14 days where possible.

You can read the press release here and the report here.